TC-CS-IAM-Ping-SM-Contractor

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

EY-Cyber Security-IAM–Consulting

As part of our EY-cyber security team, you shall Engage in Identity & Access Management projects in the capacity of architect and managing the execution of deliverables. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships, contribute in design and architecture of the enterprise level IAM platform and manage the execution of the deliverables with quality and on-time . You’ll also identify potential business opportunities for EY and GTH within existing engagements and escalate these as appropriate. Similarly, you’ll anticipate and identify risks within engagements and share any issues with senior members of the team

The opportunity

We’re looking for motivated professionals to work as Senior Manager in Identity and Access Management projects for our customers across the globe. In this role, you will contribute in the Design, development, and maintains solutions or infrastructure, ensuring team compliance with the relevant standards. Works with team to capture requirements and review design specifications. Also, the professional shall need to report any identified risks within engagements and share any issues and updates with senior members of the team.

In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help them to develop.

Your key responsibilities to

• Lead Identity & Access Management deliveries from GDS end
• Assists customer organizations with planning and implementing complex architecture solutions
• Understanding business requirements and/or problems of Clients and proposing appropriate IAM solutions
• Working experience with Sales, other Pre-Sales colleagues, Solutions team and Clients to come up with sales propositions.
• Working with sales & delivery teams for the contract renewals, work order amendments
• Assessing requirements and coming up with appropriate sizing and estimations
• Supporting Sales related activities such as Proof-of-Concept, proposal presentations, Due-Diligence, solution campaigns, participating in workshops, etc
• Involvement in creating and implementing the assessment strategy, future roadmaps, migration & upgrade plan, vendor evaluation etc
• Involvement in a successful pursuit of a potential client by being part of the RFP response team.
• Provide solution of RFP’s received from clients and ensure overall design assurance
• Depending on the client’s need with standards and technology stacks create complete RFPs
• Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture
• Provide technical leadership to the design, development, and implementation of custom solutions through thoughtful use of modern technology
• Define and understand current state solutions and identify improvements, options & trade-offs to define target state solutions
• Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps
• Evaluate and recommend solutions to integrate with overall technology ecosystem
• Tracks industry and application trends and relates these to planning current and future IT needs
• Able to create, plan, and execute advanced IAM trainings and independently drive proof of concepts involving emerging IAM technologies
• Work effectively as a team member/lead, sharing responsibility, providing support, maintaining communication and updating stakeholders team members on progress
• Assists customer organizations with planning and implementing complex architecture solutions
• Execute the engagement requirements, along with review of work done by junior team members
• Should be implementing IAM engagements, including requirements gathering, analysis, design, development, and end-end deployment.
• Develop and maintain productive working relationships with client personnel
• Build strong internal relationships within EY Consulting Services and with other services across the organization
• Help senior team members in performance reviews and contribute to performance feedback for staff/junior level team members
• Contribute to people related initiatives including recruiting and retaining IAM professionals
• Maintain an educational program to continually develop personal skills by learning various IAM tools and latest skills
• Automate the manual process in the IAM domain
• Foster teamwork and lead by example
• Training and mentoring of project resources
• Participating in the organization-wide people initiatives
• Understand and follow workplace policies and procedures

Key Technical Skills

• PingIdentity – PingFederate, PingAccess, PingDirectory, PingID MFA, PingCentral, PAPM, DAP, PingID SDK.
• OKTA, Org2Org Provisioning, Okta Access gateway, Okta Verify
• GLUU, AZURE AD, SailPoint Identity IQ, ForgeRock AM,
• SSO, SLO, SAML, WS-Fed, OIDC, OAuth, Header based Authentication, Reverse Proxy Authentication, Agent based Authentication, SCIM,
• Open DJ, LDAP, Active Directory,
• Postman - API Testing,
• Linux, windows server 2012,
• IIS, Apache web server, Tomcat,
• AWS Architecture and Design,
• ITSM - CA ticketing tool, OTRS, Jira and Service-now
   

Skills and attributes for success

• Hands-on experience on end-to-end implementation of Identity and Access Management using either of the products – Ping suite of products (PingFederate, Ping Access, PingONE), Okta, Azure AD, ForgeRock suite of products (OpenAM, OpenIDM, OpenDJ, OpenDS).
• Completed at least 2-6 implementations leveraging either of the products listed above or combination of above.
• Strong understanding of access management fundamentals like Authentication, Authorization, MFA, SSO, Federation, and Directory Services concepts.
• Good hands-on experience on OAuth 2.0, OIDC, WS-Fed protocols.
• Involved in end-to-end design and implementation of SSO architecture and designed various authentication, authorization, MFA and SSO use cases
   

Ping Suite:

• Strong competency in PingFederate, PingAccess installation, upgrade
• Designing & implementing custom authentication and authorization flows using PingFederate authentication policies
• Implemented any migration projects from one IAM tool to other
• Strong knowledge of PingFederate administrative configuration with understanding of federation protocols - SAML, OAuth/OpenID with PKCE
• Hands-on experience on developing custom adapters, PCV, selectors etc using Java
• Hands-on experience of HTML, CSS, and JavaScript
• Experience in managing Certificate & Key Management
• Experience on design and development of monitoring scripts, and OGNL expression
• Should have knowledge of API security
• Design Multi-Factor Authentication (MFA) solutions using PingID or 3rd party products
• Have hands-on experience on cloud provider – Azure or AWS or GCP
• Experience in scripting language - python, powershell, and bash
• Knowledge of other IAM products – Azure AD, Auth0, ForgeRock, OKTA
   

Okta

• Hands-on experience on Directory level integration with Okta for AD, LDAP, Azure AD, Oracle AD.
• Good Understanding on IWA, SWA and Okta Workflows.
• Hands-on experience on Okta APIs and  good understanding of XML, HTML, CSS
• Should be knowledge on Okta Access Gateway, Okta Advance Server Access and SCIM.
• Hands-on experience on developing custom UI pages, branding and email template as per business needs.
• Should be knowledge on Okta Access Gateway, Okta Advance Server Access and SCIM.
• Hands-on experience on developing custom UI pages, branding and email template as per business needs
• Experience and knowledge on Okta classic engine and Okta Identity engine
• Experience over integration of on-prem and legacy applications with Okta
• Working knowledge on multi-factor authentication, Security Rules, Policies and Provisioning.
• Hands-on experience in troubleshooting the issues related with Okta and any other AM specific tools
• Basic AD and LDAP Functionality authentication, authorization.
• Experience in Directory Integration with Okta.
• Experience in troubleshooting the access related issue reported by application team.

Azure AD

• Hands-on experience on Azure Active Directory end-to-end implementation involving designing, implementation and customization
• Understanding and experience in different technology of Azure Active Directory, B2E, B2B and B2C
• Implementation experience in ADFS, Azure AD Connect, Azure AD Application Proxy, Conditional Access Policy, LDAP, Active Directory, Application Integrations for SSO and multi-factor authentication
• Working experience in application integration with header-based, SAML2.0, OIDC, OAuth2.0, WS-Fed protocols
• Experienced in managing external identities and consumers in Azure AD B2B and B2C tenants
• Onboarding and offboarding applications on AAD B2B and B2C platforms
• Implementing custom policy using Identity Experience Framework for AAD B2C
• Experience in social login and 3rd party identity provider integration with AAD B2C
• Should have experience in assisting application team to use Microsoft libraries like MSAL
• Experience in integrating mobile application with AAD B2C
• Experience in integrating Azure AD with API management solution
• Should have knowledge on different component of Azure being used for Azure AD solution such as tenant creation, subscription, resource group.
• Should have knowledge in Identity management and Privileged Identity Management concepts
• Experienced in renew, update and troubleshoot certificate related issues
• Should have knowledge of different integration and architecture in customer’s IAM environment such as WAF, Load Balancer, network components
• Experience and exposure of using/exposing REST APIs including Azure AD graph APIs.
•  

ForgeRock

• Good understanding of Forgerock OpenAM, OpenDS and OpenIDM.
• Good to have knowledge on Forgerock OpenIG.
• Hands-on Core Java development and debugging experience.
• Knowledge on JavaScript/Groovy Script to work on custom scripts for OpenAM.
• Should be capable of dissecting large problems and designing modular, scalable solutions.
• Should be familiar with application servers such as Tomcat and WebLogic.
• Hands-on experience in setting up Forgerock OpenAM, OpenDS and OpenIDM environment in standalone and cluster environment.
• Hands-on experience on configuring Single Sign-on with Forgerock as per the requirements.
• Strong understanding of access management fundamentals like authentication and authorization.
• Capability of understanding the business requirements and converting that into design.
• Good knowledge of information security, standards and regulations.
• Should be flexible to work on new technologies in IAM domain.
• Worked in client facing role for Single Sign-On implementation with Forgerock.
• Need to be thorough in Forgerock OpenAM, OpenDS and OpenIDM with hands-on experience involving configuration, implementation & customization.
• Deployment of web application & basic troubleshooting of web application issues
   

To qualify for the role, you must have

• B. Tech./ B.E. with sound technical skills
• Strong command on verbal and written English language.
• Experience in HTML, CSS and JavaScript.
• Strong interpersonal and presentation skills.
• 10+ Years’ of relevant Work Experience on above technologies
   

Certification

• Desirable to have certifications in security domain, such as CISSP and CISA or any IAM product specific certifications
• Desirable to have product specific certifications like - Forgerock AM such as AM-100, AM-400, AM-410 or AM-421, Microsoft Azure certifications (SC-200, SC-300, AZ-500 etc), Okta certifications.

What we look for

• Who has hands on experience in setting up the Identity and Access Management environment in standalone and cluster environment.
• Who has hands-on Development experience on Provisioning Workflows, triggers, Rules and customizing the tool as per the requirements.
   

What working at EY offers

At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.

You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:

• Support, coaching and feedback from some of the most engaging colleagues around
• Opportunities to develop new skills and progress your career
• The freedom and flexibility to handle your role in a way that’s right for you

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.